Hey All, I've got a FreeBSD 7 box set up at work and I'm seeing the following message in my periodic daily security output:

Code:

*myhostname* kernel log messages:
+arplookup ###.###.55.183 failed: host is not on local network
+arplookup ###.###.55.183 failed: host is not on local network
+arplookup ###.###.55.183 failed: host is not on local network

Where ###.###.55.183 is a local IP address. I did some digging and found out that this is probably due to a netmask configuration problem, but I'm not sure how to resolve it properly.

This server is new and doesn't really do anything right now; it basically just has SSH running. It's on a local University network that uses multiple subnets. So the server has an IP like ###.###.54.106 while the IP address I'm seeing in the security output is ###.###.55.183. These IP addresses are statically assigned; we've actually got servers on the .55 and .54 subnets.

Your interface is configured with a netmask of 255.255.255.0 or /24. This means that the first 24 bits (or three octets) form the network. In your case: xxx.xxx.54.0 is the network.

This means you can only see IPs from xxx.xxx.54.0 through xxx.xxx.54.255.

If you need to see IPs on the xxx.xxx.55.0 network as well, then you need to make your netmask smaller. You'll need to contact your network admin to find out what the correct subnet mask is.

(As a quick-n-dirty hack, you can make your subnet mask 255.255.0.0 or /16 and you'll see all the IPs from xxx.xxx.0.0 through xxx.xxx.255.255. But that's a bad hack, and you really should use the correct subnet mask.)

Ok, so apparently our Network Services department assigns static IP addresses through DHCP. So the fix was to run dhclient on my network interface and it was automagically given the correct IP address and netmask:

Thanks for the in-depth response, phoenix. I talked to a coworker of mine who is more familiar with our network and apparently I need to read up on networking. I was mistaken when I said that "we've actually got servers on the .55 and .54 subnets." Apparently the subnet spans from ###.223.54.0 to ###.223.55.255. So yeah, I've got some more reading to do. Thanks again!

You are using a /23 subnet mask, or 255.255.254.0. (Binary 111111111.11111111.11111110.0000000 - when you look at how subnets work, you'll see how the binary is important.) In today's world of sharply limited internet addresses, tricks like this to make best use of a limited assignment of addresses are becoming more common.

__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
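
Added example, not part of the thread: a small Python check that reads the arplookup lines from the daily security output, lists the hosts that fall outside the interface's configured network, and reports the narrowest network that would contain them, which is the value to confirm with the network admin rather than jumping to /16. The 10.20 prefix and the function names are assumptions, since the thread masks the first two octets.

```python
import ipaddress
import re

# The kernel message quoted in the thread (periodic output prefixes it with "+").
ARPLOOKUP_RE = re.compile(
    r"arplookup (\d{1,3}(?:\.\d{1,3}){3}) failed: host is not on local network")

# Constructed sample; the thread masks the first two octets, so 10.20 is assumed.
SAMPLE_LOG = """\
+arplookup 10.20.55.183 failed: host is not on local network
+arplookup 10.20.55.183 failed: host is not on local network
+arplookup 10.20.55.183 failed: host is not on local network
"""

def off_link_hosts(log_text, iface):
    """Unique addresses from arplookup failures that lie outside iface's network."""
    net = ipaddress.ip_interface(iface).network
    found = []
    for match in ARPLOOKUP_RE.finditer(log_text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # octet out of range, e.g. a mangled log line
        if ip not in net and ip not in found:
            found.append(ip)
    return found

def narrowest_covering_network(iface, hosts):
    """Widen iface's network one bit at a time until every host fits."""
    net = ipaddress.ip_interface(iface).network
    while not all(h in net for h in hosts):
        net = net.supernet()  # stops at /0, which contains everything
    return net

if __name__ == "__main__":
    iface = "10.20.54.106/24"  # the mistaken /24 from the thread
    hosts = off_link_hosts(SAMPLE_LOG, iface)
    net = narrowest_covering_network(iface, hosts)
    print("off-link hosts:", [str(h) for h in hosts])
    print("narrowest network covering them:", net, "netmask", net.netmask)
```

With the /24 from the thread this reports 10.20.54.0/23 (netmask 255.255.254.0); with the interface already on /23 the same log lines produce no off-link hosts.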